```hcl
resource "google_container_cluster" "primary" {
  name               = "marcellus-wallace"
  zone               = "us-central1-a"
  initial_node_count = 3

  additional_zones = [
    "us-central1-b",
    "us-central1-c",
  ]

  master_auth {
    username = "mr.yoda"
    password = "adoy.rm"
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]

    labels {
      foo = "bar"
    }

    tags = ["foo", "bar"]
  }
}

# The following outputs allow authentication and connectivity to the GKE Cluster.
output "client_certificate" {
  value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
}

output "client_key" {
  value = "${google_container_cluster.primary.master_auth.0.client_key}"
}

output "cluster_ca_certificate" {
  value = "${google_container_cluster.primary.master_auth.0.cluster_ca_certificate}"
}
```

name - (Required) The name of the cluster, unique within the project and
zone.

zone - (Optional) The zone that the master and the number of nodes specified
in initial_node_count should be created in. Only one of zone and region
may be set. If neither zone nor region are set, the provider zone is used.

region - (Optional) The region to create the cluster in, for
Regional Clusters.
In a Regional Cluster, the number of nodes specified in initial_node_count is
created in three zones of the region (this can be changed by setting additional_zones).
This property is in beta, and should be used with the terraform-provider-google-beta provider.
See Provider Versions for more details on beta fields.

additional_zones - (Optional) The list of additional Google Compute Engine
locations in which the cluster's nodes should be located. If additional zones are
configured, the number of nodes specified in initial_node_count is created in
all specified zones.

enable_binary_authorization - (Optional) Enable Binary Authorization for this cluster.
If enabled, all container images will be validated by Google Binary Authorization.
This property is in beta, and should be used with the terraform-provider-google-beta provider.
See Provider Versions for more details on beta fields.

enable_kubernetes_alpha - (Optional) Whether to enable Kubernetes Alpha features for
this cluster. Note that when this option is enabled, the cluster cannot be upgraded
and will be automatically deleted after 30 days.

enable_tpu - (Optional) Whether to enable Cloud TPU resources in this cluster.
See the official documentation.
This property is in beta, and should be used with the terraform-provider-google-beta provider.
See Provider Versions for more details on beta fields.

enable_legacy_abac - (Optional) Whether the ABAC authorizer is enabled for this cluster.
When enabled, identities in the system, including service accounts, nodes, and controllers,
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
Defaults to false.

initial_node_count - (Optional) The number of nodes to create in this
cluster (not including the Kubernetes master). Must be set if node_pool is not set.

ip_allocation_policy - (Optional) Configuration for cluster IP allocation. As of now, only pre-allocated subnetworks (custom type with secondary ranges) are supported.
This will activate IP aliases. See the official documentation.
Structure is documented below.

logging_service - (Optional) The logging service that the cluster should
write logs to. Available options include logging.googleapis.com,
logging.googleapis.com/kubernetes (beta), and none. Defaults to logging.googleapis.com.

maintenance_policy - (Optional) The maintenance policy to use for the cluster. Structure is
documented below.

master_ipv4_cidr_block - (Optional, Deprecated) Specifies a private
RFC1918 block for the master's VPC. The master range must not overlap with any subnet in your cluster's VPC.
The master and your cluster use VPC peering. Must be specified in CIDR notation and must be /28 subnet.
This property is in beta, and should be used with the terraform-provider-google-beta provider.
See Provider Versions for more details on beta fields.
This field is deprecated, use private_cluster_config.master_ipv4_cidr_block instead.

min_master_version - (Optional) The minimum version of the master. GKE
will auto-update the master to new versions, so this does not guarantee the
current master version--use the read-only master_version field to obtain that.
If unset, the cluster's version will be set by GKE to the version of the most recent
official release (which is not necessarily the latest version).

monitoring_service - (Optional) The monitoring service that the cluster
should write metrics to.
Automatically sends metrics from pods in the cluster to the Google Cloud Monitoring API.
VM metrics will be collected by Google Compute Engine regardless of this setting.
Available options include
monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none.
Defaults to monitoring.googleapis.com.

network - (Optional) The name or self_link of the Google Compute Engine
network to which the cluster is connected. For Shared VPC, set this to the self link of the
shared network.

node_pool - (Optional) List of node pools associated with this cluster.
See google_container_node_pool for schema.
Warning: node pools defined inside a cluster can't be changed (or added/removed) after
cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability
to say "these are the only node pools associated with this cluster", use the
google_container_node_pool resource instead of this property.

node_version - (Optional) The Kubernetes version on the nodes. Must either be unset
or set to the same value as min_master_version on create. Defaults to the default
version set by GKE which is not necessarily the latest version.

private_cluster_config - (Optional) A set of options for creating
a private cluster. Structure is documented below.
This property is in beta, and should be used with the terraform-provider-google-beta provider.
See Provider Versions for more details on beta fields.

private_cluster - (Optional, Deprecated) If true, a
private cluster will be created, meaning
nodes do not get public IP addresses. It is mandatory to specify master_ipv4_cidr_block and
ip_allocation_policy with this option.
This property is in beta, and should be used with the terraform-provider-google-beta provider.
See Provider Versions for more details on beta fields.
This field is deprecated, use private_cluster_config.enable_private_nodes instead.

project - (Optional) The ID of the project in which the resource belongs. If it
is not provided, the provider project is used.

resource_labels - (Optional) The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

subnetwork - (Optional) The name or self_link of the Google Compute Engine subnetwork in
which the cluster's instances are launched.

The addons_config block supports:

horizontal_pod_autoscaling - (Optional) The status of the Horizontal Pod Autoscaling
addon, which increases or decreases the number of replica pods a replication controller
has based on the resource usage of the existing pods.
It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service.
It is enabled by default;
set disabled = true to disable.

http_load_balancing - (Optional) The status of the HTTP (L7) load balancing
controller addon, which makes it easy to set up HTTP load balancers for services in a
cluster. It is enabled by default; set disabled = true to disable.

kubernetes_dashboard - (Optional) The status of the Kubernetes Dashboard
add-on, which controls whether the Kubernetes Dashboard is enabled for this cluster.
It is enabled by default; set disabled = true to disable.

network_policy_config - (Optional) Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network policy for the nodes.
It can only be disabled if the nodes already do not have network policies enabled.
Set disabled = true to disable.

The cluster_autoscaling block supports:

enabled - (Required) Whether cluster autoscaling (also called autoprovisioning) is
enabled. To set this to true, make sure your config meets the rest of the
requirements. Notably, you'll need min_master_version of at least 1.11.2.

resource_limits - (Optional) A list of limits on the autoprovisioning.
See the docs
for an explanation of what options are available. If enabling autoprovisioning, make
sure to set at least cpu and memory. Structure is documented below.

The ip_allocation_policy block supports:

cluster_secondary_range_name - (Optional) The name of the secondary range to be
used for the cluster CIDR block. The secondary range will be used for pod IP
addresses. This must be an existing secondary range associated with the cluster
subnetwork.

services_secondary_range_name - (Optional) The name of the secondary range to be
used for the services CIDR block. The secondary range will be used for service
ClusterIPs. This must be an existing secondary range associated with the cluster
subnetwork.

cluster_ipv4_cidr_block - (Optional) The IP address range for the cluster pod IPs.
Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14)
to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)
from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to
pick a specific range to use.

services_ipv4_cidr_block - (Optional) The IP address range of the services IPs in this cluster.
Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14)
to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)
from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to
pick a specific range to use.

create_subnetwork - (Optional) Whether a new subnetwork will be created automatically for the cluster.

subnetwork_name - (Optional) A custom subnetwork name to be used if create_subnetwork is true.
If this field is empty, then an automatic name will be chosen for the new subnetwork.

The master_auth block supports:

password - (Required) The password to use for HTTP basic authentication when accessing
the Kubernetes master endpoint.

username - (Required) The username to use for HTTP basic authentication when accessing
the Kubernetes master endpoint.

If this block is provided and both username and password are empty, basic authentication will be disabled.
This block also contains several computed attributes, documented below. If this block is not provided, GKE will generate a password for you with the username admin.

The master_authorized_networks_config block supports:

cidr_blocks - (Optional) Defines up to 20 external networks that can access
Kubernetes master through HTTPS.

The master_authorized_networks_config.cidr_blocks block supports:

cidr_block - (Optional) External network that can access Kubernetes master through HTTPS.
Must be specified in CIDR notation.
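
A hardened counterpart to the example cluster at the top of this page, added here as an illustration and not taken from the provider documentation: it uses only arguments described above to disable basic authentication, keep legacy ABAC off, restrict master access to one network, and turn off the Kubernetes Dashboard add-on. The resource name hardened, the cluster name and the 203.0.113.0/24 range are placeholders.

```hcl
# Added example (not from the provider documentation); names and CIDR are placeholders.
resource "google_container_cluster" "hardened" {
  name               = "example-hardened"
  zone               = "us-central1-a"
  initial_node_count = 3

  # Providing the block with empty username and password disables HTTP basic
  # authentication. Omitting the block instead makes GKE generate a password
  # for the username admin.
  master_auth {
    username = ""
    password = ""
  }

  # Stated explicitly so a later change to true shows up in review.
  enable_legacy_abac = false

  # Only this network may reach the Kubernetes master over HTTPS.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block = "203.0.113.0/24" # placeholder documentation range
    }
  }

  addons_config {
    # The dashboard add-on is enabled by default; turn it off.
    kubernetes_dashboard {
      disabled = true
    }
  }
}

# The client key is a credential. sensitive = true keeps it out of CLI output;
# the value is still written to the Terraform state file, so protect the state.
output "client_key" {
  value     = "${google_container_cluster.hardened.master_auth.0.client_key}"
  sensitive = true
}

output "cluster_ca_certificate" {
  value = "${google_container_cluster.hardened.master_auth.0.cluster_ca_certificate}"
}
```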

The node_config block supports:

disk_size_gb - (Optional) Size of the disk attached to each node, specified
in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.

disk_type - (Optional) Type of the disk attached to each node
(e.g. 'pd-standard' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'.

guest_accelerator - (Optional) List of the type and count of accelerator cards attached to the instance.
Structure documented below.

image_type - (Optional) The image type to use for this node. Note that changing the image type
will delete and recreate all nodes in the node pool.

labels - (Optional) The Kubernetes labels (key/value pairs) to be applied to each node.

local_ssd_count - (Optional) The number of local SSD disks that will be
attached to each cluster node. Defaults to 0.

machine_type - (Optional) The name of a Google Compute Engine machine type.
Defaults to n1-standard-1. To create a custom machine type, value should be set as specified
here.

metadata - (Optional) The metadata key/value pairs assigned to instances in
the cluster.

min_cpu_platform - (Optional) Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the
official documentation
for more information.

oauth_scopes - (Optional) The set of Google API scopes to be made available
on all of the node VMs under the "default" service account. These can be
either FQDNs, or scope aliases. The following scopes are necessary to ensure
the correct functioning of the cluster:

Projects that enable the Cloud Compute Engine API with Terraform may need these roles added manually to the service account. Projects that enable the API in the Cloud Console should have them added automatically.

tags - (Optional) The list of instance tags applied to all nodes. Tags are used to identify
valid sources or targets for network firewalls.

taint - (Optional) List of
kubernetes taints
to apply to each node. Structure is documented below. This property is in beta, and should be
used with the terraform-provider-google-beta provider. See Provider Versions
for more details on beta fields.

workload_metadata_config - (Optional) Metadata configuration to expose to workloads on the node pool.
Structure is documented below. This property is in beta, and should be used with the terraform-provider-google-beta provider.
See Provider Versions for more details on beta fields.

The private_cluster_config block supports:

enable_private_nodes - (Optional) Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private
addresses and communicate with the master via private networking.

master_ipv4_cidr_block - (Optional) The IP range in CIDR notation to use for the hosted master network. This range will be used for
assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges
in use within the cluster's network.

In addition, the private_cluster_config allows access to the following read-only fields: